CWE:
 

Sorry. No results for Bugtraq WLB2


CVEMAP Search Results

CVE
Details
Description
2021-07-09
Medium
CVE-2021-3637

Vendor: Redhat
Software: Keycloak
 

 
A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack.

 
2021-06-25
High
CVE-2021-33541

Updating...
 

 
Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a denial of service on the PLC's network communication module. A successful attack stops all network communication. To restore the network connectivity the device needs to be restarted. The automation task is not affected.

 
2021-06-22
Medium
CVE-2021-22363

Updating...
 

 
There is a resource management error vulnerability in eCNS280_TD V100R005C10SPC650. An attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on affected devices.

 
2021-06-21
Medium
CVE-2021-29061

Vendor: Vfsjfilechooser2 project
Software: Vfsjfilechooser2
 

 
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Vfsjfilechooser2 version 0.2.9 and below which occurs when the application attempts to validate crafted URIs.

 
Medium
CVE-2021-29063

Vendor: Mpmath
Software: Mpmath
 

 
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called.

 
Medium
CVE-2021-29059

Vendor: Is-svg project
Software: Is-svg
 

 
A vulnerability was discovered in IS-SVG version 4.3.1 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string.

 
Medium
CVE-2021-29060

Vendor: Color-string project
Software: Color-string
 

 
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Color-String version 1.5.5 and below which occurs when the application is provided and checks a crafted invalid HWB string.

 
2021-06-08
Medium
CVE-2021-33175

Vendor: EMQX
Software: Emq x broker
 

 
EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system.

 
2021-06-02
Low
CVE-2020-14336

Vendor: Redhat
Software: Openshift co...
 

 
A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability.

 
2021-05-26
Low
CVE-2021-3527

Vendor: QEMU
Software: QEMU
 

 
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.

 

 


Copyright 2021, cxsecurity.com

 

Back to Top